package com.example.securitymy.controller;

import com.example.securitymy.domain.ResponseResult;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloController {
    @GetMapping("/hello")
    @PreAuthorize("hasAuthority('user')")
    public String hello(){
        return "hello";
    }
    @GetMapping("/read")
    @PreAuthorize("hasAuthority('system:user:read')")
    public String read(){
        return "read";
    }
    @GetMapping("/edit")
    @PreAuthorize("hasAuthority('content:article:edit')")
    public String edit(){
        return "hello";
    }

    @GetMapping("/test401")
    //主动设置http状态码为401未授权
    @ResponseStatus(value = org.springframework.http.HttpStatus.UNAUTHORIZED)
    public String test401(){
        return "未登录测试";
    }
}
